Pre-empting problems like these requires explicit policies and deliberate and continuing processes to update them. Cities need to consider data security, rules about guaranteeing anonymity, archival procedures and the ability to conduct forensic internal audits.
As Seattle rolls out a citywide digital privacy initiative of unprecedented scale, which is expected to be fully in place by this fall, it looks to integrate the aforementioned measures to prevent such a backlash. Seattle proposes to control the way it collects, uses, retains and deletes data across departments. Leading the initiative is the city’s Department of Information Technology, headed by Chief Technology Officer (CTO) Michael Mattmiller.
To inform the effort, the city created an inter-departmental team (IDT) with members from 11 departments across the city’s government. Seattle also created a Privacy Advisory Committee composed of privacy experts from a broad swath of disciplines to guide the drafting of policies by recommending best practices to the IDT.
The IDT aims to develop policies that allow the city’s privacy practices to evolve as quickly as the ever-changing landscape of digital privacy dictates. As Mattmiller explains: “We can’t legislate or control for every new piece of technology coming into the market. Things are just changing too fast, and often regulation is lagging behind what the market can do.”
Instead, the CTO and his team compiled a list of principles that outline the ways the city wants to consider the public when using data. This ethical framework unites city departments under a shared commitment to processes and policies intended to keep data secure, transparent and accurate, while still allowing them to adapt their practices to the times.
In the next few months, Seattle will provide departments with a “privacy toolkit” to help them comply with these principles. As part of this kit, the city will require departments to complete annual online privacy and security awareness classes to help keep city officials up-to-date on the latest practices. It will also provide them with a Privacy Impact Assessment protocol that requires departments collecting new types of data, embarking on new programs or introducing new technologies to go through a process to self-assess any privacy risk that innovation may entail.
Seattle created a publicly accessible Web page on which departments will be required to share these assessments — part of a larger effort to be transparent about digital changes. By informing citizens of the heightened privacy measures that protect their data and the services the city delivers with that information, this initiative should allay residents’ anxieties about government use of their data, and in doing so, pave the way for future innovation.